New Red Team Project Aims to Help Secure Open Source Software

The Linux Foundation has launched the Red Team Project, which incubates open source cybersecurity tools to support cyber range automation, containerized pentesting utilities, binary risk quantification, and standards validation and advancement.

The Red Team Project’s main goal is to make open source software safer to use. They use the same tools, techniques, and procedures used by malicious actors, but in a constructive way to provide feedback and help make open source projects more secure.

We talked with Jason Callaway, Customer Engineer at Google, to learn more about the Red Team project.

Linux Foundation: Can you briefly describe the Red Team project and its history with the Fedora Red Team SIG?

Jason Callaway: I founded the Fedora Red Team SIG with some fellow Red Hatters at Def Con 25. We had some exploit mapping tools that we wanted to build, and I was inspired by Mudge and Sarah Zatko’s Cyber-ITL project; I wanted to make an open source implementation of their methodologies. The Fedora Project graciously hosted us and were tremendous advocates. Now that I’m at Google, I’m fortunate to get to work on the Red Team as my 20% Project, where I hope to broaden its impact and build a more vendor neutral community. Fedora is collaborating with LF, supports our forking the projects, and will have a representative on our technical steering committee.

LF: What are some of the short- and long-term goals of the project?

Jason: Our most immediate goal is to get back up and running. That means migrating GitHub repos, setting up our web and social media presence, and most importantly, getting back to coding. We’re forming a technical steering committee that I think will be a real force multiplier in helping us to stay focused and impactful. We’re also starting a meetup in Washington DC that will alternate between featured speakers and hands-on exploit curation hackathons on a two-week cadence.

LF: Why is open source important to the project?

Jason: Open source is important to us in many ways, but primarily because it’s the right thing to do. Cybersecurity is a global problem that impacts individuals, businesses, governments, everybody. So we have to make open source software safer.

There are lots of folks working on that, and in classic open source fashion, we’re standing on the shoulders of giants. But the Red Team Project hopes to offer some distinctly offensive value to open source software security.

LF: How can the community learn more and get involved?

Jason: I used to have a manager who liked to say, “80% of the job is just showing up.” It was tongue-in-cheek for sure, but it definitely applies to open source projects. To learn more, you can attend our meetups either in person or via Google Hangout, subscribe to our mailing list, and check out our projects on GitHub or our website.